sync: auto-sync from GURU-5070 at 2026-06-10 20:18:48

Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-10 20:18:48
This commit is contained in:
2026-06-10 20:19:05 -07:00
parent 1cd8ff8edf
commit 417a2dea07
19 changed files with 873 additions and 0 deletions

View File

@@ -0,0 +1,28 @@
# Azure / Cloud Services
## Azure Subscription
- Subscription Name:
- Subscription ID:
- Resource Group(s):
- Region:
- Monthly Spend (approx):
## Virtual Machines
| VM Name | Size | OS | IP | Purpose |
|---------------|------------|------------|------------|-----------------|
| | | | | |
## Networking
- Virtual Network:
- Address Space:
- Subnets:
- VPN Gateway to On-Prem: Yes/No
- ExpressRoute: Yes/No
## Other Cloud Services
<!-- AWS, Google Workspace, third-party SaaS -->
| Service | Purpose | Admin URL | Notes |
|-----------------|------------------|------------------|-----------------|
| | | | |
## Notes

View File

@@ -0,0 +1,51 @@
# Microsoft 365
## Tenant Info
- Tenant Name: Von's Carstar
- Tenant ID: 53de51b9-a063-4f46-88ff-7c3468828ed9
- Primary Domain: vonscarstar.com
- Tenant Type: Managed (not federated)
- Admin Portal URL: https://admin.microsoft.com
## ComputerGuru Management Access
- **App suite onboarded:** 2026-06-01 (Tenant Admin consented by Rob; rest auto-consented + roles assigned via `onboard-tenant.sh`).
- Tenant Admin → Conditional Access Administrator
- Security Investigator → Exchange Administrator
- Exchange Operator → Exchange Administrator
- User Manager → User Administrator + Authentication Administrator
- Defender Add-on → **incomplete** (2 ATP perms failed — no Microsoft Defender for Endpoint license; re-run onboard if MDE is added)
- **GDAP:** not required for ongoing access — the app-suite consent above gives durable, **non-expiring** admin access independent of GDAP, so the impending GDAP expiry is a non-issue. Reissue GDAP via the suite/CIPP only if delegated/portal admin is ever specifically needed. (Aside: the CIPP API client `ClaudeCipp2`/`420cb849` currently has no CIPP role — 403 on every endpoint — so CIPP-API automation is unavailable until a role is assigned; not blocking anything here.)
## Licensing
<!-- Verified via remediation tool (Graph) 2026-06-01: 10 users total. -->
| License Type | Quantity | Assigned | Available |
|--------------------------------------|----------|----------|-----------|
| Exchange Online (Plan 1) — EXCHANGESTANDARD | 8 | 8 | 0 |
Total users: **10** (8 licensed; 2 unlicensed — likely shared mailboxes / admin).
## Exchange Online
- Mail Domain(s): vonscarstar.com
- MX Record Points To: `vonscarstar-com.mail.protection.outlook.com` (M365 / EOP, pref 0)
- **Stale secondary MX:** `mx00.1and1.com` (1&1 IONOS, pref 10) — leftover from a prior host; should be removed to avoid split/misrouted delivery.
- SPF Record: <!-- TBD -->
- DKIM Enabled: <!-- TBD -->
- DMARC Policy: <!-- TBD -->
- Shared Mailboxes:
- Distribution Groups:
- Mail Flow Rules:
## SharePoint / OneDrive
- External Sharing: <!-- TBD -->
## Entra ID (Azure AD)
- MFA Enforced: <!-- TBD -->
- Conditional Access Policies: <!-- TBD (Tenant Admin SP now holds CA Admin) -->
## Security
- Defender for Office 365: <!-- TBD -->
- MDE (Defender for Endpoint): No (Defender Add-on onboarding failed on missing MDE license)
- Audit Log Retention: <!-- TBD -->
## Notes
- Onboarding + GDAP work: session 2026-06-01. tenants.md row = Onboarded: YES.